Obama Set to Create Cybersecurity Czar/broad mandate

Obama Set to Create A Cybersecurity Czar With Broad Mandate
Shielding Public, Private Networks Is Goal

By Ellen Nakashima
Washington Post Staff Writer
Tuesday, May 26, 2009

President Obama is expected to announce late this week that he will create a "cyber czar," a senior White House official who will have broad authority to develop strategy to protect the nation's government-run and private computer networks, according to people who have been briefed on the plan.

The adviser will have the most comprehensive mandate granted to such an official to date and will probably be a member of the National Security Council but will report to the national security adviser as well as the senior White House economic adviser, said the sources, who spoke on the condition of anonymity because the deliberations are not final.

The announcement will coincide with the long-anticipated release of a 40-page report that evaluates the government's cybersecurity initiatives and policies. The report is intended to outline a "strategic vision" and the range of issues the new adviser must handle, but it will not delve into details, administration officials told reporters last month.

Cybersecurity "is vitally important, and the government needs to be coordinated on this," a White House official said Friday, speaking on the condition of anonymity. "The report give conclusions and next steps. It's trying to steer us in the right direction."

The document will not resolve the politically charged issue of what role the National Security Agency, the premier electronic surveillance agency, will have in protecting private-sector networks. The issue is a key concern in policy circles, and experts say it requires a full and open debate over legal authorities and the protection of citizens' e-mails and phone calls. The Bush administration's secrecy in handling its Comprehensive National Cybersecurity Initiative, most of which was classified, hindered such a debate, privacy advocates have said.
ad_icon

The White House's role will be to oversee the process, formulate policy and coordinate agencies' roles, and will not be operational, administration officials have said.

Obama was briefed a week ago and signed off on the creation of the position, the sources said. But as of Friday, discussions were continuing as to what rank and title the adviser would have. The idea is to name someone who can "pick up the phone and contact the president directly, if need be," an administration official said, speaking on the condition of anonymity.

Obama pledged during his presidential campaign to elevate the issue of cybersecurity to a "top priority" and to appoint a national cybersecurity adviser "who will report directly to me."

Having the adviser report to both the national security and economic advisers suggests that the White House is seeking to ensure a balance between homeland security and economic concerns, the sources said. It also indicates an effort to quell an internal political battle in which Lawrence H. Summers, the senior White House economic adviser, is pushing for the National Economic Council to have a key role in cybersecurity to ensure that efforts to protect private networks do not unduly threaten economic growth, the sources said.

The report suggests that although it is a key government responsibility to help secure private-sector networks, regulation should be the last resort, the sources said. The report touts the concept of public-private partnerships to protect nongovernmental systems. It discusses the need to provide incentives for greater data sharing and risk management, and to use the procurement process to drive greater security, they said.

The report recommends that members be appointed to the Privacy and Civil Liberties Oversight Board, an independent executive branch agency created by Congress in 2007 to ensure that privacy concerns are considered in the implementation of counterterrorism policies and laws. The report suggests that the board's mandate expressly include cybersecurity, the sources said.

The document is based on a 60-day review of cyber policies, led by Melissa Hathaway, the interim White House cybersecurity adviser and former intelligence official who is a contender for the new position. During that review, Hathaway's team had dozens of meetings with representatives from industry, academia and civil liberties groups, and received more than 100 papers.